[PATCH 3/4] powerpc/pseries/ibmebus: reject zero-length bus attribute writes

Pengpeng Hou pengpeng at iscas.ac.cn
Mon Mar 30 17:29:21 AEDT 2026


probe_store() and remove_store() pass count to ibmebus_chomp(), whose
newline stripping logic unconditionally inspects out[count - 1]. A
zero-length write therefore reads one byte before the allocated buffer.

Reject empty writes before calling ibmebus_chomp().

Fixes: 0727702a3a6a ("[POWERPC] ibmebus: change probe/remove interface from using loc-code to DT path")
Signed-off-by: Pengpeng Hou <pengpeng at iscas.ac.cn>
---
 arch/powerpc/platforms/pseries/ibmebus.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/powerpc/platforms/pseries/ibmebus.c b/arch/powerpc/platforms/pseries/ibmebus.c
index cad2deb7e70d..5faf1a5754de 100644
--- a/arch/powerpc/platforms/pseries/ibmebus.c
+++ b/arch/powerpc/platforms/pseries/ibmebus.c
@@ -276,6 +276,9 @@ static ssize_t probe_store(const struct bus_type *bus, const char *buf, size_t c
 	char *path;
 	ssize_t rc = 0;
 
+	if (!count)
+		return -EINVAL;
+
 	path = ibmebus_chomp(buf, count);
 	if (!path)
 		return -ENOMEM;
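
Review bot: The `if (!count)` guard in probe_store() sits in the caller, while the access it protects, out[count - 1], is inside ibmebus_chomp() according to the commit message. Consider handling count == 0 in ibmebus_chomp() itself, or at least documenting its contract in a comment, so that one check covers every caller. Since the callers map a NULL return to -ENOMEM, that would need a way to report -EINVAL separately; if that is why the check was placed here, a sentence in the commit message saying so would help.
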
@@ -312,6 +315,9 @@ static ssize_t remove_store(const struct bus_type *bus, const char *buf, size_t
 	struct device *dev;
 	char *path;
 
+	if (!count)
+		return -EINVAL;
+
 	path = ibmebus_chomp(buf, count);
 	if (!path)
 		return -ENOMEM;
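
Review bot: In remove_store() the `if (!count)` check rejects only a write of zero bytes; a write consisting of a single newline passes it and, once ibmebus_chomp() strips the newline, would leave an empty path. The visible lines do not show how an empty path is treated afterwards, so it is worth confirming that this case fails cleanly, or rejecting it here as well. The same applies to the identical check in probe_store().
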
-- 
2.50.1 (Apple Git-155)


